Category Archives: Security Websies

The Network Ops DDoS Playbook

With the prevalence of DDoS attacks, good preparation and planning can go a long way toward making the DDoS response process as manageable, painless, and inexpensive as possible. The Network Ops DDoS Playbook is a guide focused on how to prepare yourself against a DDoS attack on your business and what to do if you are under attack. You’ll find practical tips, best practices and an overview of the cyber security technologies available to protect …


A Massive Botnet of CCTV Cameras Involved in Ferocious DDoS Attacks

All clues lead back to Chinese DVR vendor TVT

A botnet of over 25,000 bots lies at the heart of recent DDoS attacks that are ferociously targeting businesses around the world. More exactly, we’re talking about massive Layer 7 DDoS attacks that are overwhelming Web servers, occupying their resources and eventually crashing websites. US-based security vendor Sucuri discovered this botnet, very active in the last few weeks, and they say it’s mainly composed of compromised CCTV systems from around the world. Their first meeting with the botnet came when a jewelry shop that was facing a prolonged DDoS attack opted to move their website behind Sucuri’s main product, its WAF (Web Application Firewall).

Botnet can crank out attacks of 50,000 HTTP requests per second

Sucuri thought they had this one covered, just as in other cases where companies that move their sites behind their WAF block the attacks, and eventually the attacker moves on to other targets. Instead, they were in for a surprise. While the initial attack was a Layer 7 DDoS with over 35,000 HTTP requests per second hitting the server and occupying its memory with garbage traffic, as soon as the attackers saw the company upgrade their website, they quickly ramped up the attack to 50,000 requests. For Layer 7 attacks, this is an extraordinarily large number, enough to drive any server into the ground. But this wasn’t it. The attackers continued their assault at this high level for days.

Botnet’s nature allowed attackers to carry out attacks at higher volumes

Usually, DDoS attacks flutter as the bots come online or go offline. The fact that attackers sustained this high level meant their bots were always active, always online. Sucuri’s research into the incident discovered over 25,513 unique IP addresses from where the attacks came. Some of these were IPv6 addresses. The IPs were spread all over the world, and they weren’t originating from malware-infected PCs, but from CCTV systems.

Taiwan accounted for a quarter of all compromised IPs, followed by the US, Indonesia, Mexico, and Malaysia. In total, the compromised CCTV systems were located in 105 countries.

[Figure: Top 10 locations of botnet’s IPs]

The unpatched TVT firmware comes back to haunt us all

Of these IPs, 46 percent were assigned to CCTV systems running on the obscure and generic H.264 DVR brand. Other compromised systems were ProvisionISR, Qsee, QuesTek, TechnoMate, LCT CCTV, Capture CCTV, Elvox, Novus, or MagTec CCTV. Sucuri says that all these devices might be linked to Rotem Kerner’s investigation, which discovered a backdoor in the firmware of 70 different CCTV DVR vendors. These companies had bought unbranded DVRs from Chinese firm TVT. When informed of the firmware issues, TVT ignored the researcher, and the issues were never fixed, leading to crooks creating this huge botnet.

This is not the first CCTV-based botnet used for DDoS attacks. Incapsula detected a similar botnet last October. The botnet they discovered was far smaller, made up of only 900 bots.

Source: http://news.softpedia.com/news/a-massive-botnet-of-cctv-cameras-involved-in-ferocious-ddos-attacks-505722.shtml#ixzz4CsbxFc4A


Botnet-powered ballot stuffing suspected in 2nd referendum petition

‘Tiny fraction of the overall count’ however

A petition for a second EU referendum in the UK has been hit by suspicions of computer automated ballot stuffing, possibly by politically motivated hackers.…


Inside the World of the Dark DDoS

This isn’t your grandma’s DDoS

Today’s distributed denial of service attacks are different than the kinds that we saw at the dawn of the millennium when the threat emerged. They’re becoming more nuanced, and subtle – and they could result in a lot more than a downed web server.…


Anonymous Legion claims attack on Minnesota courts website

The international activist hacker group Anonymous Legion is claiming responsibility for an attack on the Minnesota Judicial Branch’s website that rendered it unusable for most of Wednesday. State officials became aware of the “distributed denial-of-service” (DDoS) attack about 8 a.m. Wednesday, around the same time Anonymous Legion e-mailed the Star Tribune.

“Servers have also been penetrated and data has been secured, contrary to what they will tell you,” said Anonymous Legion’s e-mail. “This will occur frequently.” The group said the act was executed “collectively, through a global attack.” It is known for DDOS attacks on government websites, among others.

The attack is similar to ones that interrupted the site last December. Last year’s attacks were traced to Asia and Canada. The state did not say Wednesday whether the attacks may be linked. “We are in the process of communicating with the FBI Cyber Task Force about this incident,” Beau Berentson, a spokesman for the state court administration office, said in a written statement.

The website (www.mncourts.gov), visited by thousands every day looking to access court resources and information, was taken offline as the attack was investigated. Access to the site was restored around 5:15 p.m. “We have no evidence that any secure data has been inappropriately accessed,” Berentson said. Other online resources linked through the website are still functioning, including eFiling and eService, the Court Payment Center and remote access to district and appellate court records.

The website was down for several hours from Dec. 21 to 31 in the previous attacks. “In a DDOS attack, an outside entity attempts to overwhelm an online resource with so much network traffic that it is no longer accessible to legitimate users,” State Court Administrator Jeff Shorba said in a January statement about last year’s attacks. “During these attacks, the Minnesota Judicial Branch did not experience any form of data breach or inappropriate access to court records, nor is there any evidence to suggest that the attackers attempted to gain access to Judicial Branch records or information.”

Those attacks were reported to the federal government and Canadian authorities. “DDoS attacks are becoming increasingly common against high-profile websites in both the public and private sectors,” Shorba said in January. “While we cannot prevent these attacks from being launched, the Minnesota Judicial Branch is now better prepared to respond to these types of attacks in the future.”

Source: http://www.startribune.com/minnesota-courts-website-attacked-again-by-hackers/384003231/


Central banks of South Korea and Indonesia bulk up security following DDoS attacks by hacktivists

The central banks of Indonesia and South Korea are reportedly bulking up security on their public-facing websites after being hit with cyberattacks and distributed-denial-of-service (DDoS) disturbances linked to notorious hacking collective Anonymous. In response to the attempted cyberattacks, Ronald Waas, deputy governor of Bank Indonesia (BI), told Reuters his institution was forced to block 149 regions that don’t usually access its website, including “several small African countries”.

As previously reported, a video statement posted to YouTube on 4 May by the group said: “We will not let the banks win, we will be attacking the banks with one of the most massive attacks ever seen in the history of Anonymous.” Later, the central bank of Greece admitted its website was taken offline for a short period of time. This was followed by other banks in countries including France, England, Scotland and Sweden.

In June, the hackers announced that ‘phase three’ of the operation has started – dubbed Project Mayhem – and that the focus of the campaign would change to include major stock exchanges. In any case, the global banking system has been left shaken by a number of successful hacks, breaches and cyber-heists throughout 2016. In one attack, the Bangladesh central bank was targeted by a highly coordinated team of hackers that were able to steal a massive £81m via fraudulent money transfers.
Source: http://www.ibtimes.co.uk/central-banks-south-korea-indonesia-bulk-security-following-ddos-attacks-by-hacktivists-1566836


Overwatch Servers Went Down After Alleged DDoS Attack

Infamous hacker group Lizard Squad is thought to be at it again, this time taking down Overwatch servers and leaving players unable to join and remain in a session.

Over the past week, Blizzard has been experiencing some problems with Battle.net that have made it difficult for players to use the service as intended with games like Overwatch. Now, there’s word that these issues might have been caused by a DDoS attack launched by members of hacker group Lizard Squad. Some users are reporting that they are unable to log in to Battle.net. Others are able to enter, but find themselves kicked out of multiplayer matches in Overwatch for seemingly no reason.

Ordinarily, issues like these would be brushed off as being part and parcel of the modern online experience. However, a suspicious tweet from a known Lizard Squad member has led to the group being implicated, according to a report from VG247. The above tweet is being taken as proof that Lizard Squad member AppleJ4ck was involved with the attack. Some Overwatch players responded to his post to vent their annoyance about the situation — to which AppleJ4ck responded, “in a way, I’m doing y’all a favor.”

This is not the first time that Lizard Squad has targeted organizations within the video game industry. The group rose to prominence back in 2014, when a coordinated attack brought down the PlayStation Network and Xbox Live over Christmas, causing massive headaches for the companies involved. Of course, the attack was not an unmitigated success for the group, as the high-profile hack made Lizard Squad an immediate target for authorities. Just days later, a 22-year-old alleged to be a part of the organization was the subject of a raid by police in the United Kingdom.

However, the strength of a group like Lizard Squad is the fact that they are spread all over the world. Individual members can be found and brought to justice, but it’s difficult to make a concerted attempt to stamp out its activity outright. If the situation is hard on the authorities, then it’s even more challenging for a company like Blizzard. The overwhelming popularity of Overwatch means it’s hard enough for the company to keep Battle.net afloat at the best of times, never mind when there are hackers on the prowl.

Unfortunately, criminal elements like Lizard Squad are part and parcel of the modern online experience. Companies like Blizzard have to take these groups into consideration when operating a service like Battle.net — hackers have the power to ruin the experience for the rest of us, and the only defence is a robust level of security.

Source: http://gamerant.com/overwatch-servers-down-ddos-attack-846/


Companies suffer an average of 15 DDoS attacks per year

The average company suffers 15 DDoS attacks per year, with average attacks causing 17 hours of effective downtime, including slowdowns, denied customer access or crashes, according to A10 Networks. As DDoS attacks become more popular, they are also growing harder to defend. While the average peak bandwidth of attacks was a staggering 30-40 gigabits per second (Gbps), 59 percent of organizations have experienced an attack over 40 Gbps. A majority of respondents (77%) also expect …


Anonymous take down South African State Broadcasting Corp Website Over News Censorship

Anonymous DDoS South African State Broadcasting Corporation Website, SABC says Anonymous hackers are cowards

The online hacktivist group Anonymous has taken offence at the news censorship in South Africa. An Anonymous affiliated group yesterday brought down the SABC website to protest against the rising censorship in South Africa. The South African Broadcasting Corporation (SABC), which is the official state-sponsored broadcaster of Africa has confirmed that its websites were hacked on Sunday. A Twitter account belonging to a hacktivist group dubbed Anonymous Africa claimed responsibility for the downtime of the SABC websites.

The hacker targeted the DDoS attacks at the websites for SABC’s main TV channel, but also the 5FM and SAFM radio stations. The attacks began at noon on Sunday and stopped four hours later after bringing down all Web-related services. The hacker announced its intentions to carry out the attacks on Twitter, on the night between Saturday and Sunday, about nine hours before they started.

Anonymous Africa, in a series of tweets on Sunday, said it was carrying out the alleged attack in light of allegations of censorship at the SABC. SABC chief operating officer Hlaudi Motsoeneng has blocked the broadcaster from showing burning of public property in a move to discourage vandalism while he has further driven a controversial ‘good news’ policy. The censorship charges arose after anti-government protests in South Africa that turned violent. It’s after these protests that SABC took its decision, and also urged private TV stations to stand in solidarity.

In statements to South African tech news site Fin24, an SABC representative called the attackers “cowards” for attacking a “national key-point.” In the meantime, Anonymous Africa, which claims links to global hacktivist group Anonymous, has promised more cyberattacks against the SABC. “We will stop the attacks at SABC (for now) at 4pm. We are not done yet, lots of action coming. Things are going to get wild!” tweeted the group on Sunday.

Source: http://www.techworm.net/2016/06/anonymous-take-south-african-state-broadcasting-corp-website-news-censorship.html
